author | Christian Poessinger <christian@poessinger.com> | 2021-07-01 20:50:57 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-07-01 20:50:57 +0200 |
commit | 469e57398f3a9700fee210a94e57601f51466f43 (patch) | |
tree | 4b0b4e7e8ea68938511a62e990a7d1b24de1d7ee /data | |
parent | d565d4baffb930462f1a913d6f8a80111958a6f8 (diff) | |
parent | 30e4f083c98f93058c59f89e140819f7a3151f43 (diff) | |
Merge branch 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x into pki-cli
* 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x:
pki: ipsec: T3642: Update migration script to account for file permission issues
pki: ipsec: T3642: Migrate IPSec to use PKI configuration
pki: T3642: New PKI config and management
Diffstat (limited to 'data')
-rw-r--r-- | data/configd-include.json | 1 | ||||
-rw-r--r-- | data/templates/ipsec/swanctl.conf.tmpl | 6 | ||||
-rw-r--r-- | data/templates/ipsec/swanctl/peer.tmpl | 2 |
3 files changed, 5 insertions, 4 deletions
diff --git a/data/configd-include.json b/data/configd-include.json
index ee939decd..2e6226097 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -32,6 +32,7 @@
 "nat.py",
 "nat66.py",
 "ntp.py",
+"pki.py",
 "policy.py",
 "policy-local-route.py",
 "protocols_bfd.py",
diff --git a/data/templates/ipsec/swanctl.conf.tmpl b/data/templates/ipsec/swanctl.conf.tmpl
index d082729cb..0ff08ee15 100644
--- a/data/templates/ipsec/swanctl.conf.tmpl
+++ b/data/templates/ipsec/swanctl.conf.tmpl
@@ -55,9 +55,9 @@ secrets {
 }
 {% elif peer_conf.authentication.mode == 'x509' %}
 private_{{ peer_conn_name }} {
- file = {{ peer_conf.authentication.x509.key.file }}
-{% if "password" in peer_conf.authentication.x509.key and peer_conf.authentication.x509.key.password %}
- secret = "{{ peer_conf.authentication.x509.key.password}}"
+ file = {{ peer_conf.authentication.x509.certificate }}.pem
+{% if peer_conf.authentication.x509.passphrase is defined %}
+ secret = "{{ peer_conf.authentication.x509.passphrase }}"
 {% endif %}
 }
 {% elif peer_conf.authentication.mode == 'rsa' and not ns.local_key_set %}
diff --git a/data/templates/ipsec/swanctl/peer.tmpl b/data/templates/ipsec/swanctl/peer.tmpl
index 68284d7d9..c97ac1f67 100644
--- a/data/templates/ipsec/swanctl/peer.tmpl
+++ b/data/templates/ipsec/swanctl/peer.tmpl
@@ -35,7 +35,7 @@
 auth = {{ auth_type }}
 {% endif %}
 {% if peer_conf.authentication.mode == 'x509' %}
- certs = {{ peer_conf.authentication.x509.cert_file }}
+ certs = {{ peer_conf.authentication.x509.certificate }}.pem
 {% elif peer_conf.authentication.mode == 'rsa' %}
 pubkeys = localhost.pub
 {% endif %} |
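Review bot: The passphrase is written into `secret = "{{ peer_conf.authentication.x509.passphrase }}"` in swanctl.conf.tmpl without escaping, so a value containing `"`, a backslash or a line break would close the quoted string early and the remainder would be parsed as swanctl configuration. Presumably the CLI definition constrains the value, but that is not visible in this diff; if it does not, those characters should be rejected or escaped before rendering. The guard also changed from a truthiness test to `is defined`, so a passphrase node that exists but is empty now renders `secret = ""`; `{% if peer_conf.authentication.x509.passphrase is defined and peer_conf.authentication.x509.passphrase %}` keeps the earlier behaviour. The rendered file carries the private-key passphrase in clear text, so its mode and owner are worth checking where the template is written, which is outside this hunk. The `secrets` block itself starts and ends outside the hunk.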
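Review bot: `certs = {{ peer_conf.authentication.x509.certificate }}.pem` in peer.tmpl turns the PKI certificate name straight into a file name, and the new `file = … .pem` line in swanctl.conf.tmpl does the same for the private key. If that name can contain whitespace or `/`, the rendered value would either break the swanctl parse or point outside the directory the daemon is expected to load from; the name constraint presumably lives in the CLI definition, which this diff does not show. A template comment would make the dependency explicit, for example `{# file name derived from the PKI certificate name; must match the file written for this peer #}`. The enclosing connection block starts and ends outside the hunk.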